The transition to the cloud has changed everything! It has upended where apps are hosted, as well as the movement of enterprises’ most valuable digital assets and sensitive data. Access has been redefined and firewall-based perimeters are a thing of the past. Now special considerations are required for users working from everywhere—on both managed and unmanaged devices—as well as address the ever-growing Internet of Things (IoT). Plus, new zero trust approaches unlock an entirely new paradigm to secure access by narrowing the attack surface, eliminating the risk from lateral movement due to compromised credentials or VPN vulnerabilities. Accordingly, this has changed how organizations of all sizes, across all verticals, employ security to harden their business and reduce risk, while at the same time look to reduce costs, gain efficiencies, and embrace greater agility.
We’ve seen this first hand at Netskope with the increased interest in the Security Service Edge (SSE), which ties into the larger framework of SASE and the inevitable convergence of networking and security. Beyond the security and compliance mindset of the CISO, for networking and infrastructure leaders this has triggered a refactoring of how to measure and ensure performance for users and applications, or what is commonly thought of as “digital experience.” With applications no longer in the enterprise data center, user access is shifting from relying on the legacy Wide Area Network (WAN) to being run across the public internet. Plus with users embracing hybrid work, sometimes in the office while other times remote, orienting digital experience on a cloud-centric approach is critical. These macro trends have shifted the best approach for ensuring a high-quality digital experience away from relying solely on agent-based approaches, synthetic data, or simulated traffic to more cloud-centric strategies with a focus on real user traffic and actionable insights.
The cloud is central to understanding digital experience
Powered by its NewEdge infrastructure, Netskope provides a cloud-native solution that focuses on securing and protecting all traffic—including web, cloud, SaaS, private apps, and more—for comprehensive security addressing end-to-end transactions. This begins when the user first connects and their traffic on-ramps to NewEdge—regardless of whether in the branch or working remote—followed by real-time and inline security traffic processing, and finally through to the apps, services, or data the users are accessing. At the core of the Netskope strategy is delivering on digital experience to ensure a smooth transition to the cloud and applying advanced, context-aware, and data-centric security without sacrificing performance. Bottom line, if the user experience suffers or apps are slow and unresponsive, then productivity is impacted and users may try to work around security controls, potentially exposing organizations to significant security risk.
The classical approach to assess digital experience has mandated embedded agents be deployed on every endpoint. This translated into increased costs, complexity, effort, and time to constantly maintain configurations and manage the deployment, including updated versions of the agent software. Additionally, with the plethora of unmanaged devices and growing Internet of Things (IoT), endpoint agents are limited by their platform support which creates a constant and growing gap in coverage for enterprises.
A number of cloud security vendors have elaborate solutions in this area or have built expansive aggregation platforms marketed as products, services, and professional services to help organizations address the ever-evolving challenges of digital experience. Yet what’s happening more and more for networking and infrastructure leaders, accelerated by cloud adoption, is that so many things are no longer under their sole control and jurisdiction. They have to operate with a new crop of stakeholders that are influencing a large number of impactful decisions to the business, plus major implications for their areas of ownership and responsibility.
It quickly becomes apparent that a better, more streamlined approach is to leverage the cloud as the center point for getting the visibility and control needed, with as little reliance on agents as possible. Similarly, customers need immediate value and digital experience cannot be put on hold waiting on setup and configuration or data collection and analysis to be completed.
The user and application experience is key to cloud security
At Netskope, we focus on an out-of-the-box approach for the fastest time to value for customers, so they can glean powerful insights and visibility into their digital experience. This allows for issues to be identified and remediated more quickly, for example determining if an issue is localized to a specific user, region, or app, literally with a single mouse click in the Netskope Admin UI. This is also why using real user traffic is the lynchpin of the Netskope strategy, so networking and infrastructure practitioners, HelpDesk staff, or even the CIO accessing a high-level executive dashboard, are able to get instant visibility into what is going on and take contextual action to address it.
At Netskope, we want to extend the power of digital experience monitoring to the cloud world, aligned with where the users, apps, and data have moved—providing end-to-end assurance of user and app experience across all boundaries—whether on or off the traditional enterprise WAN. It’s also how we hope to get our customers to a proverbial state of nirvana, so they have the fastest possible ”mean time to innocence” when issues arise. It’s also why using real user traffic over synthetic probes and simulated traffic is so important. Case in point, for our customers with hundreds or thousands of SaaS apps in use—most not under the purview of IT (aka shadow IT) and instead deployed by different lines of business—how can you possibly monitor and ensure performance for something that is outside of your line of sight? Same story with the public internet when traffic is naturally being redirected on its own for efficiency and resilience globally (aka the beauty of TCP/IP) with the end-to-end network path out of the enterprise networking or infrastructure practitioner’s control.
Furthermore, how can you accurately measure if relying on synthetics or simulations alone, as they only provide a best estimate, theoretical or historical view? And then what about the digital experience when unplanned events occur, such as a major weather event, power outage or blackout, or even civil unrest strikes? Actioning against the unexpected requires a view into what’s happening in the present and being nimble and responsive for the future. With the real user traffic and telemetry data we leverage in the Netskope solution for digital experience monitoring, it is the ”real deal” in terms of accurately portraying what is happening. It is why early adopters love it, and why our advanced Netskope Digital Experience Management (DEM) solution is redefining how to properly deliver a superior user and application experience for the cloud while taking advantage of SSE capabilities.
Benefits of the Netskope approach for the cloud and SSE
While monitoring is interesting, customers ultimately need the tools to apply and ideally make recommendations to best apply this knowledge. That’s a big focus of the approach we’ve taken strategically at Netskope, and even why we chose to brand it as a solution for digital experience “management” not monitoring. Today, the DEM dashboards provide one-click, instant access to the views customers need—including an overview of their customer tenant, network and client steering, private apps, as well as status and health of the Netskope Security Cloud—combined with the filtered views to inform decision-making. This might be to assess the success of a cloud migration or new app initiative, understanding if hybrid work in a remote region is a viable option, or understanding network usage to make smart decisions for capacity planning related to their existing network elements, such as next-gen firewalls, proxies or SD-WAN devices.
As customers embrace the cloud and look to consolidate investments by gravitating to SSE and in the longer-term adopt a SASE architecture, functionality around ensuring a good digital experience is obviously key. In this case, having your head in the clouds and being 100% cloud-native is a critical business requirement. But also the underlying architecture that these digital experience capabilities get delivered on is equally important as the performance and availability of the SSE infrastructure should be exposed. This is where service level agreements (or SLAs) come in to provide a level of enforcement between the vendor (or service provider) and the customer. Accordingly, results against these SLAs should show up in the customer’s dashboard for example, and that’s the direction Netskope is taking with DEM. Baselines to quickly understand if user, app, or network performance is red, green, or yellow at any given moment in time are equally important.
On this track, we’ve taken the approach of leading the industry with the hardest-hitting SLAs for things like traffic processing efficiency in our data centers, in fact being the first vendor to deliver SLAs specifically for encrypted traffic (which represents approximately 90% of all enterprise traffic today). This SLA leadership is a big deal and speaks to why Netskope invested well over $100M in NewEdge, as well as the strategy behind its extensive peering for fast, low latency interconnects with web, cloud, and SaaS providers (e.g. Microsoft, Google, Amazon, Salesforce, and so on). Ultimately, Netskope DEM is our way to showcase our performance advantage and prove to customers we are over-achieving against these commits.
Embrace the cloud and SSE without sacrificing on performance
Adoption of SSE requires security teams to get the high-efficacy combined with the depth and breadth of features—whether for advanced threat prevention against the latest ransomware or data protection to guard the enterprise’s crown jewels of personally identifiable information (PII) or trade secrets. In addition, the networking and infrastructure teams that lead or influence the SSE decision, must be able to ensure the user and app experience doesn’t suffer along the way in the larger digital transformation. Ideally, Netskope wants to make performance better after SSE is introduced. And, we’ve already received positive feedback from our customers who have seen a “50% performance improvement for key apps” or in one case a “6x improvement” for a customer’s number one SaaS app.
With DEM, if and when an issue arises, Netskope empowers customers with powerful SSE capabilities and controls to notice risks, identify issues and react quickly to keep the business up and running to get a competitive advantage. And let’s face it, no one in IT wants their pager or mobile phone to go off at midnight because a user cannot connect or is unable to access the app they need to do their job, like bo